The CMMC Proposed Rule and Expectations in 2024

CMMC 2.0 proposed rule featured

In December 2023, the Department of Defense announced its new Proposed Rules for CMMC. This release comes two years after their initial proposal for CMMC 2.0 as a framework. 

Many of CMMC’s expected requirements are coming to pass, and the DoD is looking to finalize and aggressively roll out the program over the next three years. 

Learn more about this next phase in CMMC implementation and what it might mean for your organization.

 

Read More

Leveraging Managed Security Service Providers for NIST 800-171 and CMMC Compliance in the Defense Supply Chain

glowing lock on binary code

The complex relationships between government agencies, third-party vendors, and managed service providers form a challenging web of connections that comprise the DoD digital supply chain. Both NIST 800-171 and CMMC address these at various points, expecting providers to adhere to complex security requirements. These requirements can become so complex that they may turn to Managed Service Providers (especially those in the security space) to help them maintain compliance. 

This article will cover how an MSSP can help you streamline compliance across frameworks like NIST 800-171 and CMMC. 

 

Read More

Third-Party Vendor Security and PCI DSS 

pci dss featured

We’ve regularly written about maintaining security and compliance with third-party vendors. While vendors and managed service providers are a crucial part of digital economies, it’s up to the client businesses to ensure they work with vendors that meet their needs. 

Following previous discussions of third-party vendor security under standards like SOC 2 and HIPAA, we’re now covering best practices for vendor management under PCI DSS 4.0.

Read More